Cybersecurity Is Moving From Detection to AI Resilience

With virtually all assets, business activity, or valuable data recorded digitally, continuous access to these data and IT systems is essential.
This is what an extortion tactic called ransomware preys upon. It infiltrates an electronic device or network, locks users out of their data (usually through encryption), and then demands a ransom to provide the decryption key to restore access.
Ransomware is a quickly growing criminal activity, with global damages projected to exceed USD 265 billion annually by 2031.
The issue is becoming critical, as modern ransomware campaigns now target not only individuals but also corporate networks, municipal systems, and critical infrastructure sectors such as healthcare, finance, and energy.
“In 2024 the healthcare sector recorded the highest breach costs of any industry, averaging USD 10.93 million per incident, driven by extended downtime, HIPAA-related penalties, and the remediation of protected health information.”
These incidents are more serious and involve larger sums being extorted, even though 88% of all ransomware incidents target small and medium-sized enterprises (SMEs).
“Organizations that paid a ransom reported an average payment of USD 2 million, up from USD 400,000 in 2023. Beyond immediate costs, the average organizational downtime following a ransomware attack now exceeds three weeks, resulting in compounded operational and productivity losses across business units”
Ransomware methods have become increasingly sophisticated, gradually rendering older, traditional signature-based and purely discriminative detection approaches insufficient. Tracing funds has also become harder, as ransoms today are usually demanded in cryptocurrency.
In general, AI is both a problem and an opportunity for cybersecurity. It can help generate better fakes for phishing, improve the efficiency of social engineering, and create new failure points in a system architecture.

A new publication also argues that generative AI could help alleviate cybersecurity threats, and that this is especially true in the case of ransomware attacks.
It was written by a researcher at the University of Cincinnati and published in the Journal of Information Security and Applications [1], under the title “Rethinking ransomware defense in the age of generative AI”.
How Does Ransomware Work?
Ransomware 101
After a security breach has allowed the hacker to enter a device or a network, most ransomware will lock out data through encryption. In some cases, it can even lock out the device’s user interface entirely, rather than encrypting individual files.
The ransom request is usually made with a demand for payment in cryptocurrency, with a strict time limit to get the data decrypted, after which the data will be left stuck in that state forever.
In some cases labeled as double & triple extortion, data encryption is combined with threats to publicly leak stolen data, or even to attack your customers and partners if the ransom isn’t paid.
This can be especially problematic for confidential data like business information, valuable IP, patients’ medical information, etc. Paying for decryption, or achieving decryption by other means, does not remove the stolen data from the hacker’s computers, which means this threat persists even after decryption.
In general, cybersecurity experts and law enforcement agencies advise against paying the ransom, as it does not guarantee the restoration of the data, and can often label the victim a “good” target for subsequent attacks.
Losses from ransomware come not just from the eventual ransom, but also from downtime and business disruption, reputation damage, costly recovery procedures, additional security needs, etc.
“Organizations that experience ransomware incidents often face stakeholder distrust from customers, investors, and regulators. Customers perceive breaches as failures of due diligence, leading to decreased loyalty and increased churn. Investors may question the firm’s governance maturity and risk management posture, contributing to declines in market valuation”
How To Prevent Ransomware
Beyond the generative AI methods proposed by this article, a few practices need to be put in place to reduce the risks of ransomware attacks and their severity.
The first is a general adoption of cybersecurity good practices and sufficient funding for IT teams and training for cybersecurity skills.
The second is keeping all software updated and patched, since a failure point somewhere can increase the vulnerability of the whole system.
The third is to pay attention to secured access and human errors, and to provide training to avoid them, as many ransomware attacks start with social engineering that convinces at least one user to open a breach for the hackers.
Lastly, a serious policy for backup and data archiving can greatly reduce the impact of a ransomware attack by having almost up-to-date data to use for recovery.
Using Generative AI To Fight Ransomware
Current approaches to ransomware focus on signature-based antivirus tools and static rule engines, or only partially incorporate traditional machine-learning and deep-learning models.
“These approaches heavily rely on labeled datasets and predefined attack signatures, leaving organizations exposed to zero-day exploits and polymorphic malware that continuously modify their code to bypass even multilayered detection systems.”
Generative AI, the same type of AI used by systems like ChatGPT, can help alleviate these limitations. In particular, several types of generative AIs can be used:
- Large Language Models (LLMs).
- Generative Adversarial Networks (GANs).
- Variational Autoencoders (VAEs).
- Diffusion Models.
What Could Each GenAI System Do?
LLMs can assist IT specialists and ordinary users in analyzing large volumes of system logs, incident reports, and threat intelligence feeds to identify emerging attack narratives or generate automated response recommendations.
GANs can generate “fake” ransomware attacks that can be used to prepare for the real deal: they can synthesize realistic ransomware variants to stress-test and retrain detection algorithms.
VAEs can learn latent behavioral representations that help distinguish malicious from benign system activity.
Together, GANs and VAEs can help generate synthetic ransomware samples and benign process data, addressing the persistent challenge of data scarcity and class imbalance in cybersecurity datasets.
In practice, trust and interpretability are critical for adoption in real-world security operations centers. GenAI-based systems will therefore have to not only identify threats but also justify their outputs in ways understandable to human analysts.
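The contrast drawn above between signature matching and behavior-based detection, with an analyst-readable justification, can be seen in a small added example (not code from the paper or from any vendor). It uses a per-feature z-score baseline fitted on benign activity as a simple stand-in for a learned latent model, not a VAE; the feature names, telemetry values and sample bytes are all constructed.

```python
import hashlib
from statistics import mean, stdev

# Constructed per-process telemetry for one minute of activity (not real data).
FEATURES = ("files_renamed", "files_written", "mean_write_entropy")
BENIGN = [(2, 40, 4.1), (0, 15, 3.8), (5, 60, 4.6),
          (1, 25, 4.0), (3, 55, 4.4), (0, 10, 3.9)]
# Constructed stand-ins for a binary image: a known sample and a re-packed variant.
KNOWN_SAMPLE = b"constructed-sample-v1"
REPACKED_VARIANT = b"constructed-sample-v1-repacked"
KNOWN_BAD_SHA256 = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
MIN_SPREAD = 0.25  # floor so a near-constant benign feature cannot divide by ~0

def signature_match(image_bytes):
    """Static signature check: exact hash lookup against known samples."""
    return hashlib.sha256(image_bytes).hexdigest() in KNOWN_BAD_SHA256

def fit_baseline(rows):
    """Learn per-feature mean and spread from benign activity only."""
    return [(mean(col), max(stdev(col), MIN_SPREAD)) for col in zip(*rows)]

def score(baseline, row):
    """Return (anomaly score, per-feature z-scores ranked high to low)."""
    z = {name: abs(v - mu) / sd
         for name, v, (mu, sd) in zip(FEATURES, row, baseline)}
    ranked = sorted(z.items(), key=lambda kv: kv[1], reverse=True)
    return ranked[0][1], ranked

def verdict(baseline, image_bytes, row, threshold=4.0):
    """Combine both detectors and report which features drove the alert."""
    top, ranked = score(baseline, row)
    return {
        "signature_hit": signature_match(image_bytes),
        "behavior_alert": top > threshold,
        "because": [name for name, zval in ranked if zval > threshold],
    }

if __name__ == "__main__":
    base = fit_baseline(BENIGN)
    burst = (480, 500, 7.9)  # constructed mass-rename, high-entropy write burst
    for label, image in (("known", KNOWN_SAMPLE), ("variant", REPACKED_VARIANT)):
        print(label, verdict(base, image, burst))
```

The re-packed variant no longer matches the stored hash, but its behavior still deviates from the benign baseline, and the `because` list gives the analyst the features behind the alert.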
Implementation & Additional Risks
Implementing these systems requires qualified expertise, as they are sensitive to data quality, computational latency, and retraining cost.
It should also be noted that these systems need to be implemented with care and appropriate governance safeguards.
Additional risks include model extraction attacks, prompt manipulation of LLM-assisted security tools, and adversarial poisoning of telemetry used during retraining cycles, all of which can undermine the reliability of AI-assisted cyber defense.
The same technology that can help against ransomware attacks can also be weaponized to automate phishing campaigns, create polymorphic malware, or mimic legitimate system behavior to evade detection.
Policy Recommendations
Use of Generative AI for cybersecurity needs to be incorporated in the broader framework of AI policies, both at the company/institution level and the national level.
This includes ethical oversight and policy alignment, ensuring AI use complies with privacy, security, and accountability standards.
Technical attention should also be given to resilience planning, including recovery testing, backup policies, and system redundancy.
Existing frameworks should help guide the implementation of GenAI into ransomware and broader cybersecurity efforts, such as ISO/IEC 42001, NIST AI Risk Management Framework, and EU AI Act compliance guidelines.
Organizational capacity also needs to be taken into account: generative AI should be integrated progressively, with the level of cybersecurity expertise present in a given organization being the main limiting factor.
Overall, the ideal strategy is one of continuous learning, where organizational knowledge from incidents is integrated into AI retraining pipelines.
Investor Takeaway
As AI technology progresses alongside ever more prevalent digitalization, so do threats and tools to counter them.
As a whole, ransomware protection is moving beyond endpoint detection toward broader AI-enabled resilience platforms that combine detection, simulation, governance, and human-in-the-loop response.
This should favor an integrated, holistic cybersecurity system that can integrate such AI tools smoothly, and provide the AI models with the data and environment with which they can be used to their full potential.
Investing In AI-Based Cybersecurity
CrowdStrike (CRWD)
CrowdStrike was founded in 2012 with a cloud-first approach to cybersecurity, with a strong focus on B2B (business-to-business) markets.
CrowdStrike’s early move to the cloud allowed it to be ahead when it came to protecting this type of data, and proved a major competitive advantage to power its growth as more and more companies moved from self-secured, on-site servers to cloud servers.
A key point of CrowdStrike’s offer is that it brings together in a cloud environment what was before an extremely fragmented landscape of security solutions that needed to be integrated with each other. The company can provide security to all levels of the organization, from individual devices to the whole IT infrastructure of a company.

Because cybersecurity is something that needs to be deeply integrated into a company’s operations, the choice of a cybersecurity provider is a long-term one.
This results in CrowdStrike’s revenues being highly predictable, with 98% gross retention of its user accounts. In H2 2026, the company is expecting 40% growth of net new ARR (annual recurring revenues).
The company is now an early mover in AI agent-driven cybersecurity, as it was in cloud-based cybersecurity in the past, and already incorporates agentic defense at all levels of its systems.

A key element will also be to provide security to AI agents used for personal and business tasks by users. While increasing productivity, these agents are also a new vector of attack for hackers and malware, and systems like CrowdStrike’s will increasingly become a must-have to secure the use of AI agents.
Overall, this gives the company a massive growth opportunity, especially as it has a dominant position in the cloud cybersecurity segment, the one most likely to provide the scale and quality of data needed to usefully deploy generative AI and other AI technology for digital safety.

Study Referenced
1. Nelly Elsayed. Rethinking ransomware defense in the age of generative AI. Journal of Information Security and Applications. Volume 101, September 2026, 104547. https://doi.org/10.1016/j.jisa.2026.104547












